
How to 301 redirect old domain to new domain on same host with SSL and avoid Privacy Error

@Jessie594

Posted in: #Htaccess #Https #Redirects

Here's the environment:

- Apache, mod_rewrite.c exists
- WordPress
- Two domains that point to the same webhost, we'll call them olddomain.com and www.newdomain.com

We have an SSL Certificate for newdomain.com, but not olddomain.com, as per the rules about needing two separate IPs for separate SSL certificates.

My current .htaccess file works great EXCEPT when you type in
**https**://www.olddomain.com

Then the browser throws a Privacy Error "Your connection is not private" type page.

Here's what the .htaccess looks like:

Please note that the WordPress section and the Spam Referrer section probably have nothing to do with this, but I'm including them in case they're causing problems:

```apache
Options +FollowSymLinks -MultiViews
RewriteEngine on
#
# if requested hostname is non-blank
RewriteCond %{HTTP_HOST} .
# and if requested hostname is NOT "newdomain.com"
RewriteCond %{HTTP_HOST} !^www\.newdomain\.com
# redirect to same object in correct domain
RewriteRule (.*) https://www.newdomain.com/$1 [R=301,L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

##Block Spam Referrer
SetEnvIfNoCase Referer blackhatworth.com spam=yes
SetEnvIfNoCase Referer priceg.com spam=yes
Order Allow,Deny
Allow from all
Deny from env=spam
```


2 Comments


@Holmes151

This is easy to do, and the only piece of the puzzle missing is an SSL cert for olddomain.com. Forget the idea about IP addresses restricting you; this misunderstanding is the root cause of your issue.

'Domain Validated' (or DV) certificates are very inexpensive and available from multiple vendors for well under USD. I have used cheapsslsecurity.com and gogetssl.com, but there are many others and the product is identical so buy one anywhere you like. Grab a DV certificate for olddomain.com to use for the redirect.

The reason browsers return the error is because the SSL protocol is a separate layer which encapsulates the HTTP protocol, and the SSL session takes place before the HTTP session can begin. That prevents your HTTP redirect from happening - we aren't at that layer yet.

Simply put, you need to present a valid certificate for the SSL handshake, then your redirect happens. The redirect code goes in your Apache config (either a VirtualHost block or .htaccess) along with the certificate paths like this:

```apache
<VirtualHost 127.0.0.1:443>

# Declare this rule only for the old domain
ServerName OLDDOMAIN.com

# Certificates presented so we can move on to the next step
SSLEngine on
SSLCertificateFile /PATH/TO/CERT.crt
SSLCertificateChainFile /PATH/TO/CHAIN-FILE.pem
SSLCertificateKeyFile /PATH/TO/KEY.key

# Use a redirect, it is far more efficient than using rewrite
Redirect 301 / https://www.NEWDOMAIN.com/
</VirtualHost>
```


Good luck, and be aware that some hosts exploit this idea that SSL/TLS is somehow complicated or expensive and charge extortionate prices for it, or place unnecessary requirements like making you pay extra for a dedicated IP address. If your host told you this, simply abandon them and move your sites elsewhere.


@Samaraweera270

While it isn't impossible to host multiple secure sites on a single IP address, thanks to SNI and SAN, the redirect you're trying to do is impossible without one of the aforementioned solutions. In order to receive a redirect from www.olddomain.com, the browser must have already requested that URL using SSL/TLS, and is expecting an encrypted response from the web server with a valid certificate for that domain - even if that response is only a 301.
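
Both answers rest on the same check: the certificate served for a hostname must list that hostname before the browser accepts any HTTP response, including a 301. The Python below is an added example, not part of either answer; it applies subjectAltName matching to the question's placeholder hostnames. The certificate contents are constructed, and all function names, including the live `fetch_cert` helper, are hypothetical.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Label-wise match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, host):
    return any(name_matches(n, host) for n in san_dns_names(cert))

def redirect_reachable(cert, hosts):
    """True per host if the handshake would pass, so the 301 can be delivered."""
    return {h: cert_covers(cert, h) for h in hosts}

def fetch_cert(host, port=443):
    """Live variant (hypothetical helper): handshake with SNI set to host.
    Raises ssl.SSLCertVerificationError when the served cert does not cover it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificates using the question's placeholder hostnames.
NEW_ONLY = {"subjectAltName": (("DNS", "newdomain.com"),
                               ("DNS", "www.newdomain.com"))}
BOTH = {"subjectAltName": NEW_ONLY["subjectAltName"]
        + (("DNS", "olddomain.com"), ("DNS", "www.olddomain.com"))}
HOSTS = ["www.newdomain.com", "olddomain.com", "www.olddomain.com"]

if __name__ == "__main__":
    for label, cert in (("newdomain-only cert", NEW_ONLY), ("SAN cert", BOTH)):
        for host, ok in redirect_reachable(cert, HOSTS).items():
            print(f"{label:20} {host:20} {'301 delivered' if ok else 'privacy error'}")
```

With the newdomain-only certificate both olddomain.com names fail the match, which is the Privacy Error from the question; a certificate that lists them (one SAN certificate, or a separate certificate selected via SNI) lets the redirect through.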
